[apex] False positives with ApexCRUDViolation #1418
Comments
@trentchilders thanks for the report. This is indeed a false positive, but it's one that PMD can't currently sort out. PMD is currently limited to same-file analysis. So, when it checks the code:
PMD has no idea what
Thanks for the reply!
So, even by adding the method to the file, I still get the false positive. Is this expected behavior?
@trentchilders yes, this is expected. As you use a The one thing we support is a
but support for this is very tailor made. Moreover, the check is currently very naive, as Apex has no real control flow support (unlike Java). This means, we can understand:
But we don't follow through a split statement
There is plenty of room for improvement, should anyone be willing to take this on. Adding full support for control flow on Apex is a major task, but one that would greatly help many rules besides this one.
I know you are looking "in stream" for the Schema check, but maybe you could look for the same final method names like "isAccessible", "isCreatable", etc. In this way, we could create Utility methods to do the checks and make it standardized instead of repeating the multi-line IF statements for (in our case) 3000 SOQL's/DML's. We created 4 Utility methods to meet the "spirit" of the security check, but PMD still identifies them.
Affects PMD Version:
All
Rule:
ApexCrudViolation
Description:
Hello, I have encountered what I believe to be a false positive in the ApexCRUDViolation rule. Specifically the READ portion of that rule (or an isAccessible() check in Apex). I created a helper method so that I could dynamically do this check rather than hardcode every single field that I'm querying for. However, this still causes ApexCRUDViolation to fail its read check.
Code Sample demonstrating the issue:
Helper method:
And then to call it:
Running PMD through: Codacy
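For readers following the thread, here is a sketch of the kind of dynamic read-access helper the report describes. It is an added example, not the reporter's code and not part of PMD. The class name `CrudGuard`, the method `assertReadable`, the exception type and the `Account` fields are all assumptions chosen for illustration.

```apex
// Added illustration: CrudGuard, assertReadable and AccessException are hypothetical names.
public with sharing class CrudGuard {
    public class AccessException extends Exception {}

    // Throws unless the running user can read the object and every listed field.
    public static void assertReadable(String objectName, List<String> fieldNames) {
        Schema.SObjectType sType = Schema.getGlobalDescribe().get(objectName);
        if (sType == null) {
            throw new AccessException('Unknown object: ' + objectName);
        }

        // Object-level (CRUD) read check.
        Schema.DescribeSObjectResult objDescribe = sType.getDescribe();
        if (!objDescribe.isAccessible()) {
            throw new AccessException('No read access to ' + objectName);
        }

        // Field-level read check for each requested field.
        Map<String, Schema.SObjectField> fieldMap = objDescribe.fields.getMap();
        for (String fieldName : fieldNames) {
            Schema.SObjectField field = fieldMap.get(fieldName);
            // Fail closed: a field that cannot be resolved is treated as unreadable.
            if (field == null || !field.getDescribe().isAccessible()) {
                throw new AccessException(
                    'No read access to ' + objectName + '.' + fieldName);
            }
        }
    }

    // Caller: the access check runs before the query, but inside another method.
    // As the thread reports, ApexCRUDViolation still flags a query guarded this way.
    public static List<Account> readAccounts() {
        assertReadable('Account', new List<String>{ 'Id', 'Name', 'Industry' });
        return [SELECT Id, Name, Industry FROM Account LIMIT 50];
    }
}
```

The helper enforces the check at run time regardless of what the static analyzer reports, so a finding on the guarded query is a matter for review and suppression rather than a missing control.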